PoC provided by :

Reference(s) :

Affected version(s) :

Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh
Adobe Flash Player 11.2.202.327 and earlier versions for Linux

Tested on :

with Flash Player 11.9.900.152 Active X version (flashplayer11_9r900_152_winax.exe) and Internet Explorer 8 on Windows 7 SP1

Description :

This module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.